Security Service Edge (SSE) 


CLOUDFLARE 


Planning for security service consolidation while adopting at your own pace 


Cloud-centric convergence 


The complexity of maintaining multiple point solutions is driving 
most organizations to consolidate their preferred vendors. 
Today, “best-of-breed” capabilities and broad platforms don’t 
have to be mutually exclusive. As the majority of IT buyers lean 
toward consolidation, security vendors are meeting the moment 
by amplifying the value of their security platforms beyond what 
each service could accomplish individually. 


The SSE approach — which straddles point products and full 
consolidation — focuses more deeply on security capabilities 
than most Secure Access Service Edge (SASE) offerings, as it is 
not tied to network infrastructure. In our opinion, our Zero Trust 
platform matches Gartner’s SSE and converges formerly-distinct 
point products: ZTNA, VPN, SWG, DNS Filtering, CASB, RBI, and 
Firewall as a Service (FWaaS). 
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SSE as a bridge to SASE 


Self-Hosted Apps 


“Consolidate vendors, and cut 
complexity and costs as contracts 
renew for SWGs, CASBs and VPNs 
(replacing with a ZTNA approach). 
Leverage a converged market that 
emerges by combining these 
services.” 1 


Gartner. 


VPN replacement 
® simplify and secure 
connecting any user to any 


Internet Apps resource 


SaaS security 

visibility and control of 

— applications including email 
cy 
Internet protection 

keep your data safe from 
threats over any port and 
protocol 


Security modernization 
Cs improved productivity, 
simpler operations, reduced 
SaaS Apps attack surface 


While converging security and network edge 
services is the ultimate goal of SASE, some 
companies may never look to fully 
consolidate to a single vendor, based on 
their history and current infrastructure. 
Regardless of your long-term SASE strategy, 
Cloudflare can help you modernize security, 
transform your corporate network, or both. 
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Single-vendor SASE 

For businesses aiming to fully 
unify security and network edge 
services from a single vendor, 
Cloudflare One, our SASE 
platform, provides Zero Trust 
network-as-a-service built on our 
270+ city global network. 


Multi-vendor SASE 

For those with mature SD-WAN 
deployments or disjointed security 
and network teams, Cloudflare 
Zero Trust can help modernize 
security and achieve an SSE 
implementation, leveraging 
SD-WAN partnerships for 
multi-vendor SASE. 


a 


CLOUDFLARE 


Composable SSE adoption 


The move to cloud-based SSE is not intended to be an 
overnight switch; Cloudflare Zero Trust helps organizations 
phase out hardware at their desired pace. Many businesses will 
start their Zero Trust journey by augmenting their VPN with 
ZTNA, on a path to full replacement. Streamlining SaaS security 
is a close second priority for most, with broader threat and 
data protection strategies following soon thereafter. 


“Inventory equipment and contracts 
to implement a multiyear phase out of 
on-premises perimeter and branch 
security hardware in favor of 
cloud-based delivery of SSE. Target 
consolidation of on-premises 
equipment ideally to a single 


appliance.” 1 
Gartner. 


Our uniform, composable architecture facilitates modular 
adoption of security services. Businesses can deploy custom 
combinations of services to fit their prioritized use cases—no 
“all or nothing” mindset necessary. 


Integration fuels innovation 


All Cloudflare services run on every server in every data center across our massive global network, so there are no gaps in 
coverage or inconsistencies. This helps us deliver single-pass inspection and ensure the highest level of security, performance, 
and reliability. 


Natively integrated services also surface more creative opportunities to combine functionality across multiple services and 
deliver on our customers’ desired use cases. As these product lines blur, cross-service interaction helps us solve more 


advanced scenarios and truly modernize security. 


Strengthen third-party access security 


m ZTNA and RBI integrate to provide safe access for 
third parties like contractors and partners 


a Verify contextual information for authorization, and 
serve apps in isolated browsers to protect data 


m Clientless operation for both services simplifies 
rollout with no downloads required 


Simplify SaaS remediation workflows 


m SWG and CASB integrate to enable a “find and fix” 
workflow; block some or all suspicious SaaS activity 
straight from CASB security findings 


m Expand SaaS visibility to help detect and remediate 
issues that could lead to data leaks or compliance 
violations 


Start your journey to a faster, more reliable, more secure network 


Try it now 
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Visualize and audit SSH sessions 


m ZTNA and SWG integrate to provide visibility across 
entire SSH sessions to monitor privileged access 


a Simplify SSH access with clientless, browser-based 
SSH sessions through ZTNA 


m Provide SSH session visibility at a network layer; log 
every command using SWG as a proxy 


Better protect against phishing 


m Email security and RBI integrate to combat 
sophisticated phishing attacks and business email 
compromise (BEC) 


a No predictive threat intelligence is perfect; opening 
email links in an isolated browser provides an extra 
layer of protection 


Not ready to try it 
out? Keep learning 
more about 
Cloudflare One 
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